The impact of exisiting or impending legislation on an organisation

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


Meetings are one of the effective means of exchanging ideas and information. My mentor was 'Mr. who is my senior at Sarbanes-Oxley Compliance Project at Sony United Kingdom Limited. His quarter-century experience in commercial function has provided me valuable guidance throughout the project. I was preparing Agenda before every meeting and Action Plan during meeting to log tasks to be done.


Our first meeting took place on 24th December 2004 at my mentor's office. Topic Selection and discussion over sources of information were the main Agenda. I briefed him of the information gathered for my short-listed topics 'Impact of Sarbanes-Oxley Act of 2002' and 'Impact of IFRS 39'. I decided to opt for Sarbanes-Oxley as I was working on this Project and was able to access the concerned Corporate Executives.

I discussed benefits and costs of Sarbanes-Oxley Act of 2002 with my mentor. My mentor appreciated me on background work done before meeting. However, he mentioned to focus on hidden costs and benefits of compliance i.e. benefits of job rotation due to availability of properly documented systems and costs in terms of business executives' time required to document systems.

After this meeting, I plotted Project Tasks on Gant Chart to complete first phase of 'Planning the Work' and to embark upon second phase of 'Working the Plan'.


Our second meeting was held on 21st January 2005. I provided him a brief progress report of the project (Appendix A).

During meeting, I discussed with him the problems I faced during information gathering. He agreed that main source of information will be websites and newspaper articles. He also suggested some websites e.g. However, he advised to keep websites of big four accounting firms as reliable reference.

I briefed him of my progress and my initial view that benefits of this law out-weigh its costs.


Our final meeting took place on 6th September 2007. I delivered a Presentation based on Information Gathering and Analysis performed.

During presentation, my mentor asked some questions and I was able to provide reasonable explanations based on the knowledge gained during last two months. Discussion also identified some new issues related to future perspective. I noted those to include in my report.

My mentor congratulated me for delivering a well-prepared presentation and accumulating a well-read knowledge base in such a short time. I thanked him for his personal interest in guiding and steering me throughout this Project.

Later, I finalized my report by introducing enhancements into it.


Questions initiate learning process. Therefore, in the first meeting I agreed with my mentor to apply the principle..…'It is better to ask silly questions than to learn nothing gracefully.'

I realized the importance of questioning while conducting primary research. In my initial discussions with business managers, I used open-ended questions to get more information regarding this new topic. Later on, I had to switch to probing questions to get more information on hidden costs.

I consulted BPP 'Success in your research and analysis project' for improving my key skills required to carry out this Project. I got valuable guidance on types of Questioning, Listening, and Referencing.

Some of the questions my mentor asked me during the meetings were :

What information have you gathered so far ?

Have you consulted websites of big four audit firms and ?

Are you referencing your materials ?

Do you have sufficient information on referencing methods?

How you are managing your time to complete the project on time ?

Are you incorporating new developments in your report ?

Similarly, some of the questions I asked him were:

I have short-listed two topics for my Project. These are impact of IFRS 39 and Sarbanes-Oxley Act. May we discuss these topics to finalize one for my project?

I am not getting much published material in the form of books. Websites and articles in accounting journals and newspapers are the main source of information. Are you aware of any other source of information?

What improvements can I make in my future presentations?


Importance of listening can not be over-emphasized. It is a very important part of communication cycle. Exchange of information is incomplete without proper listening.

Incomplete or incorrect listening can be due to environmental or internal reasons. Environmental reasons are external factors and include physical noise, interruption, etc. Internal reasons could be due to selective exposure, selective attention, selective retention, pre-conceived ideas, and non-verbal communication etc. We managed to avoid external factors by meeting in a quiet, separate place. However, internal factors were difficult to manage and those were resulting in my bias towards benefits of this law. Fortunately, my mentor noticed this in the first meeting and identified to focus on hidden costs as well. Hidden costs played a key role in analysis and 'Listening for Content' style paid me off. I was also concerned not to selectively retain positive feedback only and to forget negative feedback, which was expected to be in neutral tone due to status of mentor.

In my primary research, I conducted informal discussions with Business Executives, Public Accountants, Sarbanes-Oxley Compliance Project Managers, Sarbanes-Oxley Compliance Team Members, and Investors. Initially, I used 'Listening for Content' style to get broader picture of the issue. However, I realized that it is a sensitive issue. Wilful misrepresentation may result in 20 years jail term for the Chief Executive Officer and Chief Financial Officer of the Company. Further, the most hard-hit group by this law, at least in short term, are business executives. Their working time is strained with huge task to supporting Sarbanes Oxley Compliance Teams. This group was reluctant to criticize this law openly as it was introduced due to irregularities of business executives. Therefore, I switched to 'Critical Listening style' and filtered out initial reactions with probing questions, supported by my own experience. I conducted Unstructured Interviews in the form of informal discussions with the interviewees, instead of pre-appointed Interviews. This technique resulted in wealth of information about hidden costs and other very useful ideas.


My experience of business presentation helped me a lot with this presentation. I was well prepared with updated knowledge to answer my mentor who is an experienced finance professional and a knowledgeable person on Sarbanes-Oxley Act 2002. I prepared my two-page outline on MS Power Point. I connected my Laptop with the Data Projector to present the outline of the Presentation. I had my notes to supplement the discussion. I rehearsed the presentation at home in front of my family to ensure my tone was audible and clear. I kept fifteen minutes for presentation and then fifteen minutes for answering queries of the mentor. However, my mentor advised to keep it a thirty-minute session for combined presentation and discussion. It was very helpful as outline was displayed on projector screen and my mentor was initiating discussion as I was completing a part. In response to questions, I was quoting brief examples from my own experience and knowledge obtained through primary and secondary research.

Some of the questions I was asked were…

What is the importance of Corporate Governance for a healthy economy?

Are current legislation sufficient to avoid corporate failures in USA?

What are the existing or anticipated corporate governance legislation in the United Kingdom and other countries?

How realistic are the cost estimates and benefit expectations?

How are companies reacting?

Have you collected latest statistics regarding documents filing required by this law?


This project has identified areas where I needed more knowledge to effectively complete the Project. Key Skills Statement highlighted major areas of improvement as a result of this project. My project was focusing mainly on qualitative impacts of Sarbanes-Oxley Act 2002. This law is still in the process of implementation. Therefore, interaction with my mentor during meetings and with my interviewees during primary research was geared towards identifying future impacts of this law.

Self-Assessment of my interaction can be analysed with the help of the following two-way communication model.














ENVIRONMENTFigure 1 : Two-Way Communication Model

Understanding Noise and improvements in Noise Management Skill were one of the main learning from this project. Noise distorts communication process. There are four types of Noises (BPP, 2003). Physical Noise was most prominent and common. I always held discussions in meeting rooms to avoid physical noise. Technical Noise was mainly concerned for Presentation. I understood the operations of Data Projector before presentation. Social Noise was prevalent due to sensitive nature of the law. It was avoided through 'Unstructured Interviews' and 'Critical Listening Technique'. Last but not least, Psychological Noise was important for me due to my prejudice towards benefits of this law. This Noise was detected and avoided by my mentor as explained in Listening section.



TOPIC - Impact of Sarbanes-Oxley Act of 2002 on Sony UK Ltd.


Corporate Frauds like Enron

Increasing use of off-balance sheet events

Increasing use of share options as means of executive remuneration


Section 404 - CEO & CFO Certification of Internal Controls

Section 301 - Auditor Certification


Perform an examination of impact of this law on Sony

Identify hidden costs and benefits of Compliance

Identify areas for improvements



Actual Law and Rules

Corporate Reaction

Consumer Perspective

Estimated Compliance Costs

View of Business Managers who are subject to increasing controls


Total Costs are not available for companies not registered in USA

Business Executives were reluctant to criticize the law.






Enterprise Risk Management in an organized manner

Orientation of business managers towards Risk Management

Systems Documentation will facilitate job rotation - deterrent to fraud.

Development of many bespoke Enterprise Risk Management (ERM)

Auditors focus on Internal Controls will enable company use their experience in achieving better and efficient controls


Direct Costs of Audit and Consultancy - over US$ 5 million

First Year - Major part of business executives' time is devoted for Compliance & testing which leaves very little time to focus on operations. i.e. Time spent on compliance process was at the cost of business

Learning curve effects of this new law and scarcity of professionals with system expertise has increased project cost & raised questions over quality for the first year documentation

Compliance time is very limited i.e. Sony has to be compliant effective accounting year beginning from 1st April 2005. (One year extension was granted after presentation)


Compliance will avoid penalties and de-listing from NYSE

Investors' confidence will improve which will make equity available in secondary market at lower cost

Better internal controls will reduce wastages and will facilitate efficient operations to survive in today's cost-led competitive environment.


Material Weaknesses reported by auditors may drop share price and caution suppliers to insist on lower credit period

Lower dividend payout due to increased spending on compliance project may annoy shareholders

Control Deficiencies reported by 582 companies till Jan 2005. It may lower the investors' confidence from secondary markets.




1.1 Terms of Reference

This Research and Analysis Report and the annexed Key Skills Statement have been undertaken to obtain a BSc (Hons) degree in Applied Accounting from Oxford Brookes University.

Introduction to Topic

The topic chosen for my Research and Analysis Project is 'An examination of the impact of existing or impending legislation on an organisation'. I will examine the impact of Sarbanes-Oxley Act of 2002 on Sony UK Ltd.

This law was enacted in the United States of America and is applicable to 2,800 companies listed on New York Stock Exchange (NYSE). 460 Foreign Registrants (companies registered in any country outside the United States of America and are listed in NYSE) are required to comply with this law from their accounting periods ending on or after July 15, 2005 ( This deadline was extended to July 15, 2006 (SEC Rule 33-8545). 113 companies, registered in the United Kingdom, are listed on NYSE and are, therefore, required to comply with this law.

Corporate Governance has always been very important to the governments of capitalist countries. Secondary markets act as barometer of the state of economy. Investor confidence is the key to success of secondary markets. Investors want safety of their investment, which is ensured through proper Corporate Governance by the management of the company who is entrusted with the investment. Government enacts laws, which ensure proper Corporate Governance without creating bureaucratic hurdles in efficient operations.

Corporate Frauds like Enron resulted in strict regulations like Sarbanes-Oxley Act. Annual Report of the listed companies normally consists of Financial Statements with relevant disclosures, Auditors Report thereon and Directors Report. This law has introduced the concept of Internal Controls Report to be issued with the financial statements and the Auditor's Opinion on this report and on internal controls as a whole. In Internal Control Report, Chief Executive Officer (CEO) and Chief Financial Officer (CFO) of the organisation report on adequacy and proper operation of the internal controls. Before this law, Auditors were mentioning in their Audit Report that maintaining proper internal controls is the responsibility of the management. Board of Directors, representing management of the organisation, were confirming existing of proper internal controls in their Directors' Report. This law has shifted primary responsibility of system of internal control to CEO and CFO. This law has enacted imprisonment upto 20-years and penalty upto US$ 5,000,000 for deliberate submission of wrong reports.

1.1.2 Reasons for choosing the Topic

I am currently working on a Sarbanes-Oxley Compliance Project for Sony United Kingdom Ltd. This experience has provided me with valuable insight of Corporate Governance and impact of this law on Corporate Sector. I was quite confident with this topic as I had personal interest and updated knowledge of this law. Further, I had access to concerned commercial executives associated with compliance of this law. Therefore, I chose this topic to examine impacts of this law.

1.1.3 Aims and objectives of the Report

This Report will analyse the benefits and costs of Sarbanes-Oxley Act of 2002 being experienced by Sony UK Limited. It will also explore non-financial and hidden benefits and costs associated with compliance of this law.

My practical experience on Sarbanes-Oxley Compliance Project enabled me explore hidden costs and benefits of this law. This law has recently been enacted. Therefore, financial costs are estimates. Further, positive and negative impacts of this law are mainly based on opinion, logic and experience of commercial executives who are required to comply with this law and the public accountants who are required to verify the compliance.

1.2 Executive Summary

Sarbanes-Oxley Act of 2002 is the biggest change in Security and Exchange Act, 1932 since it was enacted in the United States of America. Total Compliance costs may exceed US$ 14 billion i.e. less than 1% of total market capitalisation of US$ 20 trillion in NYSE (

20th Century witnessed growth of Corporate Sector. Corporate Governance rules have been in practice to protect investors ever since corporate sector flourished. However, Conflict of Interest has always been the biggest hurdle in application of Agency Theory. Management, empowered to manage the business as agent of shareholders, was sometimes not acting in the best interests of the shareholders. Recent Corporate Frauds like Enron have prompted lawmakers to enact this stringent law suggesting 20 year jail term for Chief Executive Officer and Chief Financial Officer in case of incorrect reporting over Internal Controls.

Benefits of this law are enormous. This law has highlighted importance of Internal Controls, which either prevent or detect a material misstatement in underlying financial statements. Earlier, auditors were responsible for reporting on of financial statements and management was responsible for maintenance of adequate internal controls. Now, management is required to report on adequacy and operations of internal controls and auditors are required to verify management report and also to report on adequacy and operations of internal controls. This law has also amplified the importance of Enterprise Risk Management (ERM) concept and ERM software that ensures adequacy and operations of internal controls in an organized way. ERM software industry got a boost and many bespoke ERM software are now available for medium and small size companies, which cannot afford development of in-house ERM software. Documentation of Internal Controls has increased efficiency of operations. It also facilitated Job Rotation & proper Segregation of duties - a key deterrent to Fraud.

The above-mentioned benefits will be achieved with a price tag of over $5 million. Every year additional costs will be incurred for maintaining and audit of ERM system. Commercial Executives have faced strain on their time because of their involvement in documentation and testing of system of internal controls. Learning curve affects and scarcity of professionals with relevant experience as increased the cost of project.

Benefits of this law out-weigh the costs. Investor confidence, being restored by this law, is the key to growth of secondary markets and corporate sector. Costs are skewed towards earlier years and benefits will accrue evenly. Further, Compliance costs will decrease in real terms every year except for the years with major change in business processes introducing new risks and requiring new controls to address those risks.


2.1 Introduction

A report is as reliable and update as its information sources are. Analysis and Conclusion can not be accurate unless they are based on reliable information. Technology has changed this world into a global village. Abundance, not scarcity, of information is an issue in extracting relevant information from the huge volume of available data.

Corporate Governance & Agency Theory are prevailing since centuries. However, Sarbanes-Oxley Act is a new phenomenon towards those concepts. Its impacts are yet to be experienced by corporate sector. Therefore, obtaining reliable, relevant and update information was a challenging tasks of this project.

In this section, I would like to state the phases I have gone through for gathering information. First phase was identifying specific information needs. It was very helpful to structure the information-gathering phase. 2nd Phase was obtaining Secondary Information to understand the context of Corporate Governance, Agency Theory, and Sarbanes-Oxley Act before addressing its impact on an individual organization like Sony UK Ltd. 3rd Phase was embarking upon primary research to obtain specific information about the impact of this law and comparing it with views of the commercial executives of another organisation (Siemens) which is also going through compliance phase of this law.

2.2 Information requirements

I have identified the following information to be gathered for the purpose of this report.

Corporate Governance and Agency Theory - Concept and practical implications within last two decades

Corporate Governance Legislation in the United States of America and other countries

Sarbanes-Oxley Act of 2002 and its relevant Rules issued by Securities & Exchange Commission, USA (SEC)

Benefits of this law envisaged by Senator Sarbanes, Congressman Oxley, SEC, Corporate Sector and Investors.

Estimated Costs of this law

Reaction of Corporate Sector

Future perspective of Corporate Governance

Report writing skills and Harvard referencing system

2.3 Sources used and their reasons

Information gathering phase consisted of two logical parts i.e. Secondary Research and Primary Research. We will discuss the sources in these two parts.

2.3.1 Secondary research

Secondary Research provided me the background information about Corporate Governance, reaction of corporate sector - mainly from multinational companies listed on NYSE, and progress of other countries in enacting similar laws to protect their investors.

I used two methods for my secondary research. Electronic search

This law is relatively new and rules are being updated continuously. Therefore, Electronic Research enabled me keep track of the changes in this law.

Initially, I browsed many websites found through used various search engines such as,, etc. Later on, I restricted myself to reliable and update websites such as,,,, www.accountancy.age,,,,, Library search

Library research consisted of two parts. One part was information regarding report-writing skills. I used a book titled "Success in your research and analysis project" published by BPP Professional Education. I learnt report writing skills and expectation of Oxford Brookes University to enable me write a report as per the standards. Another major part was getting background information about current trends of Corporate Governance. I visited library and found that Accountancy magazines (Accounting and Business, Student Accountant etc.) were more useful than books.

2.3.2 Primary Research

Primary research consisted of reading website of SONY and interviewing business executives involved on Sarbanes-Oxley Compliance Project. Those informal interviews provided me insights about impact of this law on control environment and internal operations of the organisation. Further, it also enabled me understand the hidden benefits, hidden costs, and problems associated with compliance of this law.


3.1 SWOT - The Theoretical Framework

I chose SWOT model as it is a useful tool to perform Qualitative Analysis. Impact of this law will be examined by means of SWOT analysis. Our hypothesis will be positive i.e. this law is beneficial for the organisation. Strengths will represent internal efficiencies expected to be achieved after compliance with this law. Weaknesses will be costs and inefficiencies associated with this law. Opportunities will highlight returns for the organisation by seizing the external opportunities. Threats will signify risks organisation will face by embarking upon compliance process.

3.2 Application of SWOT Framework on Sony to Examine impact of compliance with Sarbanes Oxley Act of 2002


This law has been termed as gold standard by SEC (Tom Bawden, The Times Jan 25, 2005 - Compliance Week). Major internal efficiencies expected within Sony UK Ltd by Sarbanes-Oxley Compliance are summarised in ensuing lines. Enterprise Risk Management in an organized manner

Enterprise Risk Management (ERM) is a key concept for sustainable growth of organisations. It involves identification of risks facing the organisation and embedding controls within operations to address those risks. Organisations need to strike a balance between cost of control and returns expected by addressing the risks. Expected returns are probability of risk of control failure multiplied by loss in monetary terms if control does not operate as intended.

Sarbanes-Oxley Act of 2002 has forced organisations like Sony to adopt an organised approach towards Risk Management. Increased awareness of ERM by large organisations resulted in development of ERM Software Industry. High demand of ERM Software led the industry passed through initial learning curve effects quickly and many bespoke ERM software were developed to cater the needs of different size of businesses. Development Expenses were funded by the budget of big companies whose CEO and CFO were willing to purchase that software at higher price to establish efficient ERM Systems. These bespoke soft wares will be utilised by small and medium size companies without spending development costs thereof. Orientation of Business Managers towards Risk Management

Corporate Governance is a concept that needs to be permeated in each function of the organisation. Good Corporate Governance can only be ensured when all levels of personnel, especially the Business Managers practice it and become role models.

Involvement of Business Managers in compliance process oriented them to keep risk management as one of the key priority in business operations. Documentation of existing system of Internal Controls, identification of risks facing the company and introducing controls addressing the risks, not addressed by existing controls, have led them to keep track of those concepts whenever a new process is implemented. Systems Documentation will facilitate job rotation

Job Rotation is a deterrent to fraud. It also provides employees an opportunity to understand full business process and add value to the business based on their experiences.

System Documentation facilitates job rotation. Further, job rotation acts as a peer review of system documentation and enhances quality of documentation. Auditors' review of Internal Controls will facilitate identification and removal of deficiencies

Audit of Financial Statements results in reporting opinion over fairness of financial statements and identifying any material misstatements existing therein. Auditors were reporting that development of effective Internal Controls was responsibility. However, management's confirmation of effective Internal Controls was being made on behalf of Board of Directors. Board of Directors is a body where directors do change and accountability was unclear. Now, CEO and CFO are made accountable by way of certifying the adequacy and operations of Internal Controls.

Auditors are also enjoying greater authority for reviewing internal controls. However, this authority is coupled with responsibility that requires them to exercise great care. Auditors used to evaluate system of internal controls to perform overall audit risk measurement at entity level and class of transactions level. However, the objective of that exercise was to manage audit risk. Now, the objective will be to report on adequacy and operations of those controls. It will require them to perform audit of those controls instead of review only.

3.2.2 WEAKNESSES Compliance teams are keeping business executives away from operations

Team of Professionals, working on compliance project, were not aware of specific business processes and risks. Therefore, they were meeting with business executives to document business processes and appreciate risks facing the business. US public companies have spent 25,667 internal hours and 5,037 external hours on average for the compliance process (David Anderson, Accounting & Business (ACCA), Feb 2005). This internal time came from business executives who would have otherwise worked on operations. It not only diverted focus of key executives away from business but also resulted in control deficiencies because of non-availability of those executives to operate the control.

Huge Compliance Costs may decrease profit margins and dividend payouts

Competitive pressures and low growth in major world markets have already decreased margins for companies like Sony. Sony is exercising head-count freeze since a couple of years. Additional compliance costs will decrease margins, at least in the first year, and may affect dividend payouts as well.

Large US companies have spent over $5 million for compliance (Tom Bawden, The Times Jan 25, 2005 - Compliance Week). Decision to spend such huge amount of money was resulted from enactment of twenty years imprisonment for CEO and CFO in case of wrong reporting. Compliance expenditure will not be limited to first year only. Continuous improvements in internal controls, testing of internal controls, and documentation of new processes are forcing companies to set up Compliance Department and employing permanent staff to ensure compliance. Further, External Audit costs will be increased substantially due to internal control certification.

Economy is already saturated in USA, Japan and Europe. These three markets account for over two-third of world economy. Growth rates are low and these three large economies are inter-dependence on each other. Therefore, increase in corporate profits is being achieved mainly through cost cuttings and rationalisations. In this cost cutting scenario, compliance costs have annoyed corporate sector, especially the Foreign Registrants. However, de-listing is not the remedy as the SEC rules are applicable for companies having 300 or more American investors (Investors Guide). The decision of China Bank not to list in NYSE was not a surprise ( ). Chinese corporate sector is not yet mature enough to establish the system of internal control required by Sarbanes-Oxley Act of 2002. Compliance with this law required huge outlay of funds, which might offset the benefits of listing on NYSE. Tight Deadline for Compliance

Companies registered in USA are required to be compliant from their accounting periods ending on or after Nov 15, 2004 (SEC Rule ). Compliance Reports were to be filed within 45 days of year-end. Companies having December as accounting-year end have submitted their first Compliance Reports by 15th February 2005. Further, Internal Controls should be operative during the accounting period i.e. year 2004. The final rules of this law were published in June 2003. Effectively, those companies had six months to document their Internal Controls, identify risks of material misstatement in the financial statements, and implement controls addressing the risks facing the company. It was a challenging exercise for large companies not having proper documentation of Internal Controls. Compliance deadline for Foreign Registrants was accounting year beginning on or after July 15, 2005. A delegation of Foreign Registrants, led by Siemens, met SEC Chairman to convince them to extend the deadline for Foreign Registrants. On March 2nd the SEC has issued amendment in the rules for Foreign Registrants and extended the deadline by one year to accounting year beginning on or after July 15, 2006. It has helped reducing strain on Foreign Registrants, although companies registered in USA had to submit their report as per original deadlines.

It resulted in 582 companies admitted weaknesses to SEC until January 2005 (Tom Bawden, The Times Jan 25, 2005 - Compliance Week).

3.2.3 OPPORTUNITIES Opportunity to identify, report, and rectify deficient controls without any direct penalty for control deficiencies

This law had enacted penalties for wrong reporting. However, there are no penalties for reporting control deficiencies. Therefore, it provides an opportunity for Sony to identify control deficiencies at work out to remove them. However, this approach has resulted in vast number of reported control deficiencies. Investor confidence will result in sustainable growth of share price

Management's prime responsibility is towards shareholders. Compliance of this law will increase investor confidence over secondary market in general and over compliant companies specially. It will result in sustainable growth of share price. Capital gains (realised or unrealised) will set-off decreased dividends caused by increased compliance costs. Further, better internal controls will ensure safety of investment. Successful completion of Compliance Project will enable compliance with similar requirements by European Community and other Countries

European Commission is considering requirements similar to Sarbanes-Oxley Act of 2002. Some other countries like Pakistan have already enacted laws with requirements similar to this. Many other countries are embarking upon legislating similar requirements.

Companies like Sony are operating in most of the countries. Compliance with this law will enable Sony to be compliant with EU Directives and similar laws of other countries where Sony is operating.

3.2.4 THREATS Risk of wrong reporting because of subjective nature of internal controls

Identification of Risks facing the company and controls addressing those risks is a subjective exercise. Business executives understand the business but are not used to of formally identifying risks, whereas compliance teams can not appreciate risks, as they are not completely aware of the business processes. It is quite challenging to identify all risks for the first time. On the other hand controls suggested by compliance team may not be effective for those business processes or there might be loopholes, which will be identified only after implementation thereof.

Internal Control Report, issued by CEO and CFO, may not report all control deficiencies. Auditors may find additional control deficiencies, which will appear in Auditors' Report. Therefore, there is a risk that after spending huge expenses and efforts companies may still have control deficiencies reported by external Auditors. Reported control deficiencies by huge number of companies may hamper Investor Confidence on the secondary markets

Hundreds of companies are reporting control deficiencies. Until January 2005, some 582 companies have filed reports with control deficiencies (Tom Bowden). Such a huge number of companies reporting control deficiencies have raised questions about the status of this law. It can have negative two consequences. First this may decrease investors' confidence in secondary markets resulting in decreased probability to attract investment for right issues. Right issues are low-cost source of funds and may be resorted to in a bid to save interest costs of debt financing. Second increasing number of non-compliant may make this law irrelevant for investors. In case a large number of companies report control deficiencies, investors will not be able to find enough number of properly governed companies representing stock market to achieve diversification of investment and cover unsystematic risk if investment. Indifference approach by Investors on reported control deficiencies may render compliance function an expensive luxury

Ordinary shareholders do not have competence to convert material weaknesses into decrease in future earnings per share. Even the Credit Rating agencies will find it difficult to change ratings based on reported material weaknesses. It is too early to gauge market reaction on material weaknesses in internal reports. However till 20th March i.e. after over a month of submission of Sec 404 reports by accelerated filers, there was no major reaction in secondary markets. If investors and Credit Rating Companies continue to hold this indifference or passive approach then this whole exercise may become fruitless. Penalties imposed by this law are for wrong reporting. In case a company reports all material weaknesses, the only penalty is drop in share price and credit rating. This will in turn result in major shareholders forcing or changing management to take corrective actions.

SEC can play its role by presenting statistical summaries of updated filing. Compiling company-wise (detailed) and sector-wise (summarized) reports of reported material weaknesses. Thereafter, market forces should play their pivotal role to penalize loosely controlled companies and reward properly controlled companies. Scarcity of professionals may affect quality of system of internal control

Scarcity of professionals having experience of Risk Management and developing Systems of Internal Controls is a big challenge for compliance projects. Risk Management function has been created or given importance in organisations mainly after introduction of this law. Consultants and consulting companies are being hired to ensure compliance. Companies like Sony have little experience to ensure competence of consultants in applying their prior knowledge into this new field. Consequently, hiring organisations end up training the consultants, which increase project cost. Learning curve affects will improve quality in successive years. However, quality of first year documentation will largely depend on quality of professionals hired on this project. Shareholders, the only stakeholder to foot the bill of compliance, may retaliate by moving investment to other sectors of economy

Increasing costs will be borne by shareholders and / or customers. Current competitive environment dictates that increasing product prices will divert the customers away to competitors and may result in disproportionate loss of revenue and net profit. Shareholders are the only stakeholders remaining to bear the burden. There was an expectation of capital gain for shareholders of properly controlled companies by movement of investment towards those companies. However, this expectation has not been materialised.

There is a need to educate the shareholders to treat compliance costs as a hedge against corporate frauds. Compliance with this law and maintaining effective system of internal controls will minimize the probability of corporate failures like Enron and WorldCom. Adelphia, the bankrupt US cable TV company disclosed more than 700 deficiencies (Tom Bowden, The Times, 25 Jan 2005). Affect on Company's credit rating by Rating Agencies

Moody's commented that material weaknesses may affect credit rating of a company if deficient internal controls are expected to affect management's ability to prepare accurate financial statements and ability to control the business in lower rating. (Tom Bawden, The Times, 25 Jan 2005).


Benefits of Sarbanes-Oxley Act of 2002 out-weigh the costs accruing for Sony. However, management override of controls and commitment to ethics are among some of the areas not addressed by this law.

I remember watching Enron proceedings of American Senate Committee. Chief Executive Officer of Enron claimed he was not aware of any accounting irregularity and was not competent to detect one. Later, he was asked to give example of an expenditure related to profit and loss, which can be presented on balance sheet instead. He mentioned Stock Options. This example not only proves his accountancy knowledge but also explains the nature of examples in his knowledge base. Had he responded R&D or Pre-Operating Expenses, it would have proved his accountancy knowledge only but not attention to perquisites.

American companies are traditionally more control focused than many European and Asian companies. American accounting and corporate governance regulations are rule-based whereas many European and Asian countries follow principles-based accounting and corporate governance system. Internal Control Manuals are a commonplace thing in American Companies, whereas, many European and Asian companies do not develop those. Despite being so regulated, huge corporate frauds were discovered in American secondary markets. However, this fact can not be taken as evidence that rule-based system attracts corporate frauds because size of economy, individual differences among humans, and specific circumstances do play a key role. Sarbanes-Oxley Act of 2002 has required SEC to consider merits of principles-based system as compared to rules-based system. Further, this law is not devising any rules with respect to internal controls. It requires the CEO and CFO to certify that adequate Internal Controls exist to address risks, which may result in material weakness in the financial statements. This has always been the responsibility of the management and auditors were mentioning in their audit report to shareholders this fact. Board of Directors were also confirming existence of adequate internal controls. However, there were no penalties for wrong reporting about adequacy of internal controls and individuals were not accountable. This law has filled that loophole.

Conclusion reached regarding individual problems created by this law and inefficiencies associated with this law are being discussed in ensuing lines.

4.1 Increasing Costs resulting in Decreasing Profits and Dividends

Magnitude of costs will depend on the quality of documentation and risk management efforts. Many American companies have completed the first time compliance with this law. Cost of compliance with Section 404 of this law by US companies is estimated to be US$3.14 million and expenditure on software and IT consulting is estimated to be $1.037 million (David Anderson, Accounting & business, Feb 2005 - Financial Executive International) . Auditors fee for attestation of the internal controls is estimated to be $823.2 as revealed by a survey of 224 public companies with average revenue of $2.5 billion (David Anderson, A&B, Feb 2005). Compliance expenditure in future years will be substantially lower and will be limited to additional Audit Fee and some Internal Audit Staff permanently allocated for monitoring and testing System of Internal Controls and changes thereto.

Sony is already facing challenges from low-priced competitive products. Technology is changing fast. Investment in Research and Development by big companies does not yield high returns because of quick obsolescence of new technologies and copying by competitors. Customers are moving to low-priced products because of the need to change products quickly. Therefore, heavy compliance costs will widen the gap between prices of premier brands and low-priced brands if other variable remains constant.

However, rationalising of business processes and elimination of duplicate controls & tasks will recover those additional costs. Documentation of business processes identifies duplication of controls and tasks. It also identifies an executive responsible for each process. Accountability results in proper supervision and cost savings. Proper documentation also facilitates Job Rotation, which minimizes probability of abuse of authority and collusion. This saves companies a lot and provides with a pool of human resources who can replace each other without compromising quality of work.

These all factors results in cost savings. Those cost savings will be realized every year and will definitely exceed accumulated compliance costs within a short span of time.

4.2 Time of executives

It has been identified during primary research and secondary research that Business Executives were spending a big proportion of their time with compliance teams. This was limiting their ability to control business process by applying internal controls and supervising staff.

Analytical review of this issue confirmed that a big proportion of Executives time was really being spent on compliance process. However, it was providing them with updated knowledge of their own processes. It equipped them with risk management thinking style. This will save their time in controlling the process efficiently in future. Further, process documentation can be used as training material for new employees or rotated employees instead of devoting senior employee time in training a new team member. This time saving will cover a big proportion of time spent with compliance team.

4.3 Subjective nature of Internal Controls may result in material Control Weaknesses reported by Auditors

This issue was much debated in the corporate sector. Auditors were also very sensitive and careful about their attestation as any wrong attestation can initiate litigations and can hamper their reputation. There are two facets of the issue. First one was related to the companies to satisfy the auditors that adequate internal controls were in operation during the period under review. Second was for the auditors to apply judgement with prudence and due care to examine and conclude on this subjective area.

Companies have resolved this issue by hiring a public accounting firm, normally of a similar level of their auditors, as consultant for compliance project. Sony has hired Ernst & Young LLP as their consultant to document design and operation of internal controls to satisfy the external auditors, PriceWaterhouseCoopers LLP. Further, big 4 auditing firms have jointly issued a booklet "Internal Control over Financial Reporting - An Investor Guide" in December 2004. Such publications will educate investor education and will contribute towards building investor confidence over secondary markets.

Nine large public accounting firms have resolved this issue by agreeing on a framework for classifying deficient control, significant deficiency, and material weakness (A Framework for Evaluating Control Exceptions and Deficiencies, Version 3, December 20, 2004). These large public accounting firms are auditing majority of companies listed on NYSE. Companies are hiring one of these firms, other than external auditors, as consultant. Consulting firm ensure complying with this framework which will be the basis of external auditor's attestation as well. This has resolved the subjectivity of the reporting. Remaining issue is related to a material weakness not identified by the company and the consultant but highlighted by the External Auditors. The issue becomes complex when this material weakness can not be covered by introducing a compensating control before year-end.

Public Accounting Firms are co-operating with the auditee companies by identifying and discussing the areas where a deficient control can become a material weakness. Materiality limits are also established to indicate the company and consultant to focus on the significant areas. Further, external auditors perform an interim evaluation of the system of internal control well before the year-end to identify deficient controls and advise management to establish compensating controls to avoid reporting of material weaknesses.